30 August 2012

Symantec warns of file Extension Spam

Researchers with Symantec have warned users and administrators of an unusual spam outbreak which uses common file extensions to trick users.The company said that the messages have been circulating since mid-August and are linked to online pharmacy sites. According to Symantec researcher Anand Muralidharan, the messages include normal spam content, such as references to current news events and promises of images and video files. The links, however, appear to end with common file extensions.


Among the extensions used are .pdf, .mp3 and .doc as well as the .asp and .mpeg extensions. Rather than loading the referenced file type, the URLs automatically redirect to the pharmacy site.

"The intention of using these particular file extensions could be to evade content filters, which typically look for other types of file extensions," Muralidharan wrote in a blog post.

"Another reason could be to fool users who would expect the links to open the relevant file type."

Malware writers and spammers have been employing a number of novel tricks lately. Earlier this month, a piece of malware known as Ravetonsurfaced. The attack poses as a notice from the FBI and demands that users pay a "fine" in order to restore access to their system.

Earlier this week, the US Computer Emergency Response Team issued a follow-up bulletin noting that the malware was also using the guise of the US Cyber Command to defraud victims.


AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer. Follow 'AbhiShek SinGh' on Facebook , Twitter or Google+ or via Email

Subscribe to stay up to date